# Database setup. The driver can be either 'sqlite', 'mysql' or 'postgres'.
#
# For SQLite, only the databasename is required. However, MySQL and PostgreSQL
# also require 'username', 'password', and optionally 'host' ( and 'port' ) if the database
# server is not on the same host as the web server.
#
# If you're trying out Bolt, just keep it set to SQLite for now.
database:
driver: mysql
username: [[softdbuser]]
password: [[softdbpass]]
databasename: [[softdb]]
host: [[softdbhost]]
# The name of the website
sitename: A sample site
payoff: The amazing payoff goes here
# The theme to use.
#
# Don't edit the provided templates directly, because they _will_ get updated
# in next releases. If you wish to modify a default theme, copy its folder, and
# change the name here accordingly.
theme: base-2018
# The locale that'll be used by the application. If no locale is set the
# fallback locale is 'en_GB'. For available options, see:
# https://docs.bolt.cm/other/locales
#
# In some cases it may be needed to specify (non-standard) variations of the
# locale to get everything to work as desired.
#
# This can be done as [nl_NL, Dutch_Netherlands] when specifying multiple
# locales, ensure the first is a standard locale.
locale: [[language]]
# Set the timezone to be used on the website. For a list of valid timezone
# settings, see: http://php.net/manual/en/timezones.php
# timezone: UTC
# Set maintenance mode on or off.
#
# While in maintenance mode, only users of level editor or higher can access the
# site.
#
# All other visitors are presented with a notice that the site is currently
# offline.
#
# The default template file can be found in /app/theme_defaults/ and overridden
# with this option using your own theme.
#
# Note: If you've changed the filename, and your changes do not show up on the
# website, be sure to check for a config.yml file in your theme's folder.
# If a template is set there, it will override the setting here.
maintenance_mode: false
maintenance_template: maintenance_default.twig
# The hour of the day for the internal cron task scheduler to run daily, weekly,
# monthly and yearly jobs.
#
# Default: 3 (3 am)
cron_hour: 3
# If your site is reachable under different urls (say, both blog.example.org/
# as well as example.org/), it's a good idea to set one of these as the
# canonical, so it's clear which is the primary address of the site.
#
# If you include `https://`, it will be included in the canonical urls.
#canonical: example.org
# Bolt can insert a <link rel="shortcut icon"> for all pages on the site.
# Note: The location given is relative to the currently selected theme. If
# you want to set the icon yourself, just don't enable the following line.
#favicon: images/favicon-bolt.ico
# The default content to use for the homepage, and the template to render it
# with. This can either be a specific record (like `page/1`) or a listing of
# records (like `entries`). In the chosen 'homepage_template', you will have
# `record` or `records` at your disposal, depending on the 'homepage' setting.
#
# Note: If you've changed the filename, and your changes do not show up on
# the website, be sure to check for a theme.yml file in your theme's
# folder. If a template is set there, it will override the setting here.
homepage: homepage/1
homepage_template: index.twig
# The default content for the 404 page. Can be an (array of) template names or
# identifiers for records, which will be tried until a match is found.
#
# Note: The record specified in this parameter must be set to 'published'.
notfound: [ not-found.twig, block/404-not-found ]
# The default template for single record pages on the
# site.
#
# Can be overridden for each contenttype and for each record, if it has a
# 'templateselect' field.
#
# Note: If you've changed the filename, and your changes do not show up on the
# website, be sure to check for a config.yml file in your theme's folder.
# If a template is set there, it will override the setting here.
record_template: record.twig
# The default template and amount of records to use for listing-pages on the
# site.
#
# Can be overridden for each contenttype.
#
# Note 1: Sorting on TAXONOMY-pages will give unexpected results, if it has a
# pager.
# If you need sorting on those, make sure you display all the records on one
# page.
#
# Note 2: If you've changed the filename, and your changes do not show up on the
# website, be sure to check for a config.yml file in your theme's
# folder. If a template is set there, it will override the setting here.
listing_template: listing.twig
listing_records: 6
listing_sort: datepublish DESC
# Because of limitations on how the underlying database queries work, there are
# only two options for sorting on taxonomies. 'ASC' for roughly "oldest first"
# and 'DESC' for roughly 'newest first'.
taxonomy_sort: DESC
# Template for showing the search results. If not defined, uses the settings for
# listing_template and listing_records.
#
# Note: If you've changed the filename, and your changes do not show up on the
# website, be sure to check for a config.yml file in your theme's folder.
# If a template is set there, it will override the setting here.
search_results_template: search.twig
search_results_records: 10
# Add jQuery to the rendered HTML, whether or not it's added by an extension.
add_jquery: false
# The default amount of records to show on overview pages. Can be overridden
# for each contenttype.
recordsperpage: 10
# Settings for caching in parts of Bolt.
# - config: Caches the parsed .yml files from /app/config. It's updated
# immediately when one of the files changes on disk. There
# should be no good reason to turn this off.
#
# - templates: Caches rendered templates.
#
# - request: Caches rendered pages in the configured HTTP reverse proxy
# cache, on GET & HEAD requests.
# By default this is handled by Syfmony HTTP Cache.
#
# - duration: The duration (in minutes) for the 'templates' and 'request'
# options. default is 10 minutes. Note that the duration is set
# on storing the cache. By lowering this value you will not
# invalidate currently cached items.
#
# - authenticated: Cache 'templates' and 'request' for logged-on users. In most
# cases you should *NOT* enable this, because it will cause
# side-effects if the website shows different content to
# authenticated users.
#
# - thumbnails: Caches thumbnail generation.
#
# - translations: Caches translation files. It is recommend to leave this
# enabled. Only if you develop extensions and work with
# translation files you should turn this off.
caching:
config: true
templates: true
request: false
duration: 10
authenticated: false
thumbnails: true
translations: true
# Set 'enabled' to 'true' to log all content changes in the database.
#
# Unless you need to rigorously monitor every change to your site's content, it
# is recommended to keep this disabled.
changelog:
enabled: false
# Default settings for thumbnails.
#
# Quality should be between 0 (horrible, small file) and 100 (best, huge file).
#
# cropping: One of either crop, fit, borders, resize.
# default_thumbnail: The default size of images, when using
# {{ record.image|thumbnail() }}
# default_image: The default size of images, when using
# {{ record.image|image() }}
# allow_upscale: Determines whether small images will be enlarged to fit
# the requested dimensions.
# browser_cache_time: Sets the amount of seconds that the browser will cache
# images for. Set it to activate browser caching.
#
# Note: If you change these values, you might need to clear the cache before
# they show up.
thumbnails:
default_thumbnail: [ 160, 120 ]
default_image: [ 1000, 750 ]
quality: 80
cropping: crop
notfound_image: bolt_assets://img/default_notfound.png
error_image: bolt_assets://img/default_error.png
save_files: false
allow_upscale: false
exif_orientation: true
only_aliases: false
# browser_cache_time: 2592000
# Define the HTML tags and attributes that are allowed in 'cleaned' HTML. This
# is used for sanitizing HTML, to make sure there are no undesirable elements
# left in the content that is shown to users. For example, tags like `<script>`
# or `onclick`-attributes.
# Note: enabling options in the `wysiwyg` settings will implicitly add items to
# the allowed tags. For example, if you set `images: true`, the `<img>` tag
# will be allowed, regardless of it being in the `allowed_tags` setting.
htmlcleaner:
allowed_tags: [ div, span, p, br, hr, s, u, strong, em, i, b, li, ul, ol, mark, blockquote, pre, code, tt, h1, h2, h3, h4, h5, h6, dd, dl, dt, table, tbody, thead, tfoot, th, td, tr, a, img, address, abbr, iframe, caption, sub, sup, figure, figcaption ]
allowed_attributes: [ id, class, style, name, value, href, src, alt, title, width, height, frameborder, allowfullscreen, scrolling, target, colspan, rowspan, download, hreflang ]
# Uploaded file handling
#
# You can change the pattern match and replacement on uploaded files and if the
# resulting filename should be transformed to lower case.
#
# Setting 'autoconfirm: true' prevents the creation of temporary lock files
# while uploading.
#
# upload:
# pattern: '[^A-Za-z0-9\.]+'
# replacement: '-'
# lowercase: true
# autoconfirm: false
# Define the file types (extensions to be exact) that are acceptable for upload
# in either 'file' fields or through the 'files' screen. Note that certain file-
# types are never acceptable, even if they are in this list. These types are
# never allowed: sh, asp, cgi, php, php3, ph3, php4, ph4, php5, ph5, phtm, phtml
accept_file_types: [ twig, html, js, css, scss, gif, jpg, jpeg, png, ico, zip, tgz, txt, md, doc, docx, pdf, epub, xls, xlsx, ppt, pptx, mp3, ogg, wav, m4a, mp4, m4v, ogv, wmv, avi, webm, svg]
# Alternatively, if you wish to limit these, uncomment the following list
# instead. It just includes file types / extensions that are harder to exploit.
# accept_file_types: [ gif, jpg, jpeg, png, txt, md, pdf, epub, mp3, svg ]
# If you want to 'brand' the Bolt backend for a client, you can change some key
# variables here, that determine the name of the backend, and adds a primary
# support/contact link to the footer. Add a scheme, like `mailto:` or
# `https://` to the email or URL.
#
# Additionally you can change the mount point for the backend, either for
# convenience or to obscure it from prying eyes.
#
# The Bolt backend is accessible as `/bolt/` by default. If you change it here,
# it will only be accessible through the value set in 'path'.
# Keep the path simple: lowercase only, no extra slashes or other special
# characters.
# branding:
# name: SuperCMS
# path: /admin
# provided_by: [ supercool@example.org, "Supercool Webdesign Co." ]
# news_source: http://news.example.org
# news_variable: news
# Show the 'debug' nut in the lower right corner for logged-in user. By default,
# the debugbar is only shown to logged-in users. Use the 'debug_show_loggedoff'
# option to show it to all users. You probably do not want to use this in a
# production environment.
debug: true
debug_show_loggedoff: false
debug_permission_audit_mode: false
debug_error_level: 8181 # equivalent to E_ALL &~ E_NOTICE &~ E_DEPRECATED &~ E_USER_DEPRECATED &~ E_WARNING
# debug_error_level: -1 # equivalent to E_ALL
debug_error_use_symfony: false # When set to true, Symfony Profiler will be used for exception display when possible
debug_trace_argument_limit: 4 # Determine how many steps in the backtrace will show (dump) arguments.
# error level when debug is disabled
production_error_level: 8181 # = E_ALL &~ E_NOTICE &~ E_WARNING &~ E_DEPRECATED &~ E_USER_DEPRECATED
# System debug logging
# This will enable intensive logging of Silex functions and will be very hard on
# performance and log file size. The log file will be created in your cache
# directory.
#
# Enable this for short time periods only when diagnosing system issues.
# The level can be either: DEBUG, INFO, NOTICE, WARNING, ERROR, CRITICAL, ALERT, EMERGENCY
debuglog:
enabled: false
filename: bolt-debug.log
level: DEBUG
# Use strict variables. This will make Bolt complain if you use {{ foo }},
# when foo doesn't exist.
strict_variables: false
# There are several options for giving editors more options to insert images,
# video, etc in the WYSIWYG areas. But, as you give them more options, that
# means they also have more ways of breaking the preciously designed layout.
#
# By default the most 'dangerous' options are set to 'false'. If you choose to
# enable them for your editors, please instruct them thoroughly on their
# responsibility not to break the layout.
wysiwyg:
images: false # Allow users to insert images in the content.
styles: false # Allow users to use the custom styles you have defined (you need to set the "stylesSet" param in the ck section bellow)
anchor: false # Adds a button to create internal anchors to link to.
tables: false # Adds a button to insert and modify tables in the content.
fontcolor: false # Allow users to mess around with font coloring.
align: false # Adds buttons for 'align left', 'align right', etc.
subsuper: false # Adds buttons for subscript and superscript, using `<sub>` and `<sup>`.
embed: false # Allows the user to insert embedded video's from Youtube, Vimeo, etc.
underline: false # Adds a button to underline text, using the `<u>`-tag.
ruler: false # Adds a button to add a horizontal ruler, using the `<hr>`-tag.
strike: false # Adds a button to add stikethrough, using the `<s>`-tag.
blockquote: false # Allows the user to insert blockquotes using the `<blockquote>`-tag.
codesnippet: false # Allows the user to insert code snippets using `<pre><code>`-tags.
specialchar: false # Adds a button to insert special chars like '€' or '™'.
clipboard: false # Adds buttons to 'undo' and 'redo'.
copypaste: false # Adds buttons to 'cut', 'copy' and 'paste'.
abbr: true # Adds button to insert abbreviations using the `<abbr>`-tag
ck:
autoParagraph: true # If set to 'true', any pasted content is wrapped in `<p>`-tags for multiple line-breaks
disableNativeSpellChecker: true # If set to 'true' it will stop browsers from underlining spelling mistakes
allowNbsp: false # If set to 'false', the editor will strip out ` ` characters. If set to 'true', it will allow them. ¯\_(ツ)_/¯
#stylesSet: "custom:/path/to/your/custom/styles.js" see https://ckeditor.com/docs/ckeditor4/latest/guide/dev_styles.html for more informations
# Bolt uses the Google maps API for it's geolocation field and Google now
# requires that it be loaded with an API key on new domains. You can generate
# a key at https://developers.google.com/maps/documentation/javascript/get-api-key
# and enter it here to make sure that the geolocation field works.
# google_api_key:
# Global option to enable/disable the live editor
liveeditor: false
# Use the 'mailoptions' setting to configure how Bolt sends email: using 'smtp'
# or PHP's built-in `mail()`-function.
# Note that the latter might _seem_ easier, but it's been disabled by a lot of
# webhosts, in order to prevent spam from wrongly configured scripts. If you use
# it, your mail might disappear into a black hole, without producing any errors.
# Generally speaking, using 'smtp' is the better option, so use that if possible.
#
# Protip: If your webhost does not support SMTP, sign up for a (free) Sparkpost
# account at https://www.sparkpost.com/pricing/ for sending emails reliably.
#
# The mail defaults use bolt@yourhostname with the site title as a default.
# Override this with the senderName and senderMail fields
# mailoptions:
# transport: smtp
# spool: true
# host: localhost
# port: 25
# username: username
# password: password
# encryption: null
# auth_mode: null
# senderMail: null
# senderName: null
# mailoptions:
# transport: mail
# spool: false
# Bolt allows some modifications to how 'strict' login sessions are. For every
# option that is set to true, it becomes harder for a bad-willing person to
# spoof your login session. However, it also requires you to re-authenticate
# more often if you change location(ip-address) or your browser has frequent
# upgrades. Only change these if you know what you're doing, and you're having
# issues with the default settings.
#
# Note: If you change any of these, all current users will automatically be
# logged off.
cookies_use_remoteaddr: true
cookies_use_browseragent: false
cookies_use_httphost: true
# The length of time a user stays 'logged in'. Change to 0 to end the session
# when the browser is closed.
#
# The default is 1209600 (two weeks, in seconds).
cookies_lifetime: 1209600
# Set the session cookie to a specific domain. Leave blank, unless you know what
# you're doing.
#
# When set incorrectly, you might not be able to log on at all.
#
# If you'd like it to be valid for all subdomains of 'www.example.org', set this
# to '.example.org'.
cookies_domain:
# The hash_strength determines the amount of iterations for encrypting
# passwords.
#
# A higher number means a harder to decrypt password, but takes longer to
# compute. '8' is the minimum, '10' is the default, '12' is better.
hash_strength: 10
# Bolt sets the `X-Frame-Options` and `Frame-Options` to `SAMEORIGIN` by
# default, to prevent the web browser from rendering an iframe if origin
# mismatch (i.e. iframe source refers to a different domain).
#
# Setting this to 'false', will prevent the setting of these headers.
# headers:
# x_frame_options: true
# Bolt uses market.bolt.cm to fetch it's extensions by default. You can
# change that URL here.
#
# Do not change this, unless you know what you're doing, and understand the
# associated risks. If you use 'http://market.bolt.cm', Bolt will not use
# SSL, increasing the risk for a MITM attacks.
# extensions:
# site: 'https://market.bolt.cm/'
# enabled: true
# composer:
# minimum-stability: stable # Either 'stable', 'beta', or 'dev'. Setting 'dev' will allow you to install dev-master versions of extensions.
# prefer-stable: true # Prefer stable releases over development ones
# prefer-dist: true # Forces installation from package dist even for dev versions.
# prefer-source: false # Forces installation from package sources when possible, including VCS information.
# config:
# optimize-autoloader: false # Optimize autoloader during autoloader dump.
# classmap-authoritative: false # Autoload classes from the classmap only. Implicitly enables `optimize-autoloader`.
# Enforcing the use of SSL. If set, all pages will enforce an SSL connection,
# and redirect to HTTPS if you attempt to visit plain HTTP pages.
# enforce_ssl: true
# If configured, Bolt will trust X-Forwarded-XXX headers from the listed IP
# addresses and ranges when determining whether the current request is
# 'secure'.
#
# This is required to correctly determine the current hostname and protocol
# (HTTP vs. HTTPS) when running behind some proxy, e.g. a load balancer, cache,
# or SSL proxy.
#
# List the IP addresses or subnets that you know are such proxies.
#
# Note: Allowing hosts here that may not be trusted proxies is a security risk.
# If you do not understand what this does, it is probably best to not
# touch it.
# trustProxies:
# - 127.0.0.1 # Required. Otherwise internal subrequests break.
# - 10.0.0.0/8
# If you want Bolt installation get news through a proxy
# httpProxy:
# host: scheme://my.proxy.server:port
# user: [usr]
# password: [pwd]
# Options for backend user interface
# backend:
# news:
# disable: true # Disable news panel. Defaults to false. "Alerts" will still be shown.
# stack:
# disable: true # Disable stack usage. Defaults to false.
# Options that will be forced in next major version
compatibility:
# Whether to return TemplateView instead of TemplateResponse from Controller\Base::render()
# Response methods cannot be used on TemplateView objects.
# Setting this value to false is deprecated.
template_view: true
# Set to 'false' to enable using a newer version of the setcontent parser.
setcontent_legacy: true